MasterCard first posted two initial Tweets today, one of which read: “[MasterCard] alerted issuers regarding potential 3rd party [account] data compromise.” A second Tweet sent about four minutes later stated: “[MasterCard] cardholders concerned about 3rd party data security investigation should contact their card issuing bank.”
MasterCard further reassured cardholders through Twitter that they were protected by a zero liability policy for unauthorized transactions.
Visa also acknowledged the incident on Twitter, stating: “Visa is aware of potential data compromise at third party entity affecting all major card brands. There’s been no breach of Visa systems.”
The incident, first reported by Brian Krebs on his blog Krebs on Security, said a third party credit card processor was breached between January 21, 2012 and February 25, 2012. The Wall Street Journal reported Global Payments was the victim of the breach, which exposed 50,000 cardholders.
MasterCard said in a statement that its own systems had not been compromised and that “the incident is currently the subject of an ongoing forensic review by an independent data security organization.”
Neither MasterCard nor Visa was immediately available for comment.